Fri. Jan 28th, 2022

    Content Assessment: DAM Ransomware! A Detection, Avoidance, and Mitigation Framework for Ransomware

    Information - 96%
    Insight - 95%
    Relevance - 91%
    Objectivity - 93%
    Authority - 94%

    Overall - 94% (Excellent)

    A short percentage-based assessment of the qualitative benefit of the post highlighting a recent report on the detection, avoidance, and mitigation of ransomware.

    Background Note: Ransomware attacks have emerged as a major cybersecurity threat in which user data is encrypted upon system infection. The latest Ransomware strands, which use advanced obfuscation techniques along with offline C2 server capabilities, are hitting individual users and big corporations alike. This problem has caused business disruption and, of course, financial loss. Since there is no consolidated framework that can classify, detect, and mitigate Ransomware attacks in one go, the authors of this review are motivated to present Detection Avoidance Mitigation (DAM), a theoretical framework to review and classify techniques, tools, and strategies to detect, avoid, and mitigate Ransomware. The authors have thoroughly investigated different scenarios and compared the already existing state-of-the-art review research against their own. A case study of the infamous Djvu Ransomware is incorporated into this review to illustrate the modus operandi of the latest Ransomware strands, including some suggestions to contain its spread.


    Review by Adhirath Kapoor, Ankur Gupta, Rajesh Gupta, Sudeep Tanwar, Gulshan Sharma, and Innocent E. Davidson*

    Ransomware Detection, Avoidance, and Mitigation Scheme: A Review and Future Directions

    Introduction

    Increased connectivity and digitization have facilitated cyber-criminals in designing and launching large-scale cyber-attacks targeting individuals and corporations worldwide. While individual naivety and lack of awareness enable these attacks to bypass basic security mechanisms, security vulnerabilities in the IT systems of small and large corporations are increasingly being exploited to cause business disruptions. The cyber-attack canvas keeps expanding rapidly as cyber-criminals consistently circumvent the security provisions designed and deployed by organizations. Increasingly, the target of the attacks is data that is critical to individuals and organizations alike. Threat actors are cashing in on opportunities that help them seize control of valuable data and demand a ransom from the data owner. Ransomware is a form of malware that infects a computer or multiple computers over a network, encrypting files and folders and rendering them unusable. Users are then prompted for a ransom, typically to be paid in cryptocurrency. Ransomware is not a new threat, but its use is surging and causing heavy financial losses all over the world. It is a major challenge for cyber-security analysts and reverse engineers, as typical Ransomware is not detected by anti-virus software due to its polymorphic nature.

    According to The State of Ransomware 2020, almost 51% of organizations worldwide were hit by highly sophisticated Ransomware attacks in 2020. These attacks used advanced command and control servers, making them challenging to reverse engineer. Among all the countries studied in the report, India was affected the most by the deadly Ransomware attacks, with almost eighty-two percent of organizations being hit by Ransomware. Netwalker is one of the newest and most dangerous Ransomware strands. Its notoriety stems from its method of propagation: phishing emails related to COVID-19 lure the victim into downloading the attachments, resulting in the execution of the portable binaries and system infection. In February 2021, the latest Ransomware strand, Zeoticus 2.0, successor to the infamous strand Zeoticus, was released. Zeoticus 2.0 has raised the stakes, since it is now proving extremely hard to control and mitigate. It can execute completely offline without requiring any command and control server. For receiving the ransom payment, Zeoticus uses highly secure and encrypted Proton mail accounts to evade tracing.

    The history of Ransomware dates back to the late 1980s. The first Ransomware, named the Acquired Immunodeficiency Syndrome (AIDS) Trojan, was released via floppy disk. The AIDS Trojan contained a program that would count the number of times a computer system was started, and once this count reached 90, all of the files would be encrypted. The only way to use them again was to pay a ransom of $189. During the early days, Ransomware authors attacked victims to showcase their technical prowess. It was not until the early 2000s, as data gained primacy, that cyber-criminals began to exploit users for financial gain. In 2004, a Ransomware strand named GPCode was released. GPCode infected Windows machines via e-mail attachments. It used a 660-bit RSA key to encrypt files and folders. Since then, Ransomware families like WannaCry, Cerber, Petya, etc., have evolved and caused monetary damage worth billions of dollars.


    Read the complete review: Ransomware Detection, Avoidance, and Mitigation Scheme: A Review and Future Directions (PDF).

    Reference: Kapoor, A., Gupta, A., Gupta, R., Tanwar, S., Sharma, G., & Davidson, I. E. (2021). Ransomware Detection, Avoidance, and Mitigation Scheme: A Review and Future Directions. Sustainability, 14(1), 8. doi:10.3390/su14010008

    *Shared with permission under Open Access and distributed under CC By 4.0.


    Source: ComplexDiscovery
